C:\ntuser.ini
Here
I don't know this one.
I deleted this folder.
New log from ComboFix
ComboFix 08-03-22.3 - Grzesiek 2008-03-26 14:56:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.59 [GMT 1:00]
Running from: C:\Documents and Settings\Grzesiek\Pulpit\pobrane pliki\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.
2008-03-23 15:36 . 2008-03-23 15:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-23 15:36 . 2008-03-23 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-03-23 14:25 . 2008-03-23 14:30 <DIR> d-------- C:\fixwareout
2008-03-21 16:53 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-21 16:53 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-21 16:53 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-21 16:53 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-21 16:53 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-21 16:53 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-21 16:53 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-21 16:53 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-05 00:32 . 2008-03-05 00:32 <DIR> d-------- C:\Documents and Settings\Grzesiek\Dane aplikacji\ArcaBit
2008-03-04 22:43 . 2008-03-04 22:43 20 --ahs---- C:\ntuser.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 13:50 --------- d-----w C:\Documents and Settings\Grzesiek\Dane aplikacji\Skype
2008-03-26 07:49 --------- d-----w C:\Documents and Settings\Grzesiek\Dane aplikacji\skypePM
2008-03-18 10:08 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-03-13 12:01 --------- d-----w C:\Program Files\eMule
2008-03-10 23:01 --------- d-----w C:\Program Files\SubEdit-Player
2008-03-10 23:01 --------- d-----w C:\Program Files\Atheros
2008-03-04 23:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WinAnonymous
2008-03-04 21:46 --------- d-----w C:\Program Files\Tlen.pl
2008-03-04 20:26 --------- d-----w C:\Program Files\Common Files\aolback
2008-03-04 17:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 17:11 --------- d-----w C:\Program Files\Cossacks
2008-03-02 09:07 --------- d-----w C:\Program Files\Winamp
2008-01-27 20:42 --------- d-----w C:\Program Files\GamaGama Games
2008-01-27 19:03 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-27 08:19 --------- d-----w C:\Program Files\VAG-COM
2008-01-26 02:22 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-08 12:44 319 ----a-w C:\drmHeader.bin
2008-01-07 22:07 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-07 18:21 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-03-16 06:28 1,473,845,248 -c--a-w C:\Program Files\MSAutoRoute2007Ger.iso
2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
2004-06-18 09:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2007-01-12 19:31 5 --sha-w C:\WINDOWS\system32\badcdbbd0_s.dll
.
------- Sigcheck -------
2002-09-20 18:18 1959808 11b75fa69bf484d59f5a335a4287fa9b C:\WINDOWS\system32\ntkrnlpa.exe
2002-09-20 18:18 1949184 79d262478c985e736deb38ce2224fc75 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe
2002-09-20 17:12 2054144 a09d37ac95b588201ce48f41736c1319 C:\WINDOWS\system32\ntoskrnl.exe
2002-09-20 17:12 2043520 ae94ae0da6ed874ce08912fc63f8c6c2 C:\WINDOWS\system32\VITrans\ntoskrnl.exe
2002-09-20 18:05 1395712 cfb27a430c7628916c25fdf576b64649 C:\WINDOWS\explorer.exe
2002-09-20 18:05 1005568 f4af85d918e83d71341fce2aa5318181 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="C:\Program Files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 09:52 45056]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-12-07 11:16 6254592]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:23 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 09:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\soundman.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43 688218]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 21:21 53248 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 09:48 36864 C:\WINDOWS\system32\BTSetBootKey.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a--c--- 2004-01-26 11:38 866816 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\NEOSTR~1\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Messenger"=2 (0x2)
R2 athsgt;athsgt;C:\WINDOWS\System32\DRIVERS\athsgt.sys [2007-01-09 13:44]
R2 AWISp50;AWISp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\AWISp50.sys [2006-03-15 09:35]
R2 limsgt;limsgt;C:\WINDOWS\System32\DRIVERS\limsgt.sys [2007-01-09 13:44]
R2 osaio;osaio;C:\WINDOWS\System32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\System32\drivers\osanbm.sys [2005-01-14 15:57]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys [2003-03-18 10:31]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\System32\DRIVERS\HSFHWSIS.sys [2004-12-15 14:18]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.8.1;C:\WINDOWS\System32\drivers\libusb0.sys [2004-11-18 19:47]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\System32\drivers\vadmulti.sys [2005-06-30 11:57]
S3 avmeject;AVM Eject;C:\WINDOWS\System32\drivers\avmeject.sys [2006-12-28 01:02]
S3 BTCOMM;BTCOMM;C:\WINDOWS\System32\drivers\Btcomm.sys [2004-09-28 15:18]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\System32\Drivers\csrbc01.sys [2005-06-28 18:46]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\System32\DRIVERS\fwlanusb.sys [2006-12-28 01:02]
S3 G3GCUMDM;G3G C USB Modem;C:\WINDOWS\System32\DRIVERS\g3gcumdm.sys [2004-07-06 15:24]
S3 G3GCUSER;G3G C USB Serial;C:\WINDOWS\System32\DRIVERS\g3gcuser.sys [2004-07-06 15:24]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\System32\DRIVERS\sisnicxp.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 00:48]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 00:32]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []
*Newly Created Service* - GTNDIS5
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 15:03:40
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Tlen.pl\hook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Arcor\Arcor Wlan-Monitor 1.0\ArcorWlanUtility.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2008-03-26 15:06:18 - machine was rebooted [Grzesiek]
ComboFix-quarantined-files.txt 2008-03-26 14:06:13





